我怎么能拒绝用户访问我的骨干应用的部分,如果他们没有登录? [英] How can I deny users access to parts of my Backbone App if they have not logged in?
问题描述
所以我有一个主干应用+网络主页。现在,如果您登录到我的网站,我创建了一个全局对象从数据库用户的详细信息。但是,你仍然可以只打在直接在应用程序的途径之一。
So I've got a Backbone application + web homepage. Right now, if you login to my website, I create a global object with your user details from the database. However, you can still just hit one of the routes in the application directly.
如何处理谁不登录用户重定向到一个你必须登录页面?
How should I handle users who are not "logged in" and redirect them to a "you must login page"?
这是一个标准的操作?基本上,我有一个REST的URL设置仅仅返回
Is this a standard operation? Basically, I have a REST url setup that returns just
{的sessionId:[PHP的会话ID-这里]}
如果他们登录,它会返回更多的东西是这样的:
If they are logged in, it would return something more like this:
{
sessionId: [php-sess-id],
userId: [user-id-from-db],
firstName: [f-name],
lastName: [l-name]
}
想法?谢谢!
推荐答案
我已经在过去做的是包括使用jQuery(实际上,加入jQuery的文件)的AJAX方法的扩展,以及在每一页上检查自定义code,我送时未登录的用户。当该值被视为它重定向用户到登录页面,无论发生了什么事情下来。
What I've done in the past is to include on every page along with jQuery (actually, added to the jQuery file) an extension on the AJAX method to check for a custom code that I send when a user isn't logged in. When that value was seen it redirected the user to the login page regardless of what was going down.
这是因为该网站有一个超时上登录,因此用户可以得到注销,而坐在一个页面上,然后AJAX请求只会失败。如果您没有在登录超时而曾经看到这个问题的可能性很小。只是忽略来自未在登录用户的请求。
This was because that site had a time out on login, so a user could get logged out while sitting on a page and then the AJAX request would just fail. If you don't have a timeout on the login the odds of ever seeing this issue are slim. Just ignore requests that come from users that aren't logged in.
如果您需要帮助编码这一点,从这里开始:扩展的Ajax:prefilters,转换器和运输。
If you need help coding this, start here: Extending Ajax: Prefilters, Converters, and Transports.
确实不应该要求任何复杂的伪code:
Really shouldn't require anything as complex as pseudo-code:
- JS需要做一些AJAX,所以JS会谈到服务器
- 如果需要的PHP检查登录
- 如果没有登录,发回中止消息(我用一个转换器搭上notLoggedIn的数据类型。但是,这也与传输来完成,他们只是更复杂。)
- JS看到中止消息,并做了window.location的重定向,而不是回到AJAX的消息。
如果你愿意,你可以加载一个登录表单灯箱和发送通过AJAX到PHP的地方重新登录可能发生,如果你还记得的AJAX尝试失败,您可以登录后再次发送。然后,用户甚至不需要离开重新登录的页面。
If you want, you could load a lightbox with a login form and send that via AJAX to PHP where a re-login can take place, if you remember the AJAX attempt that failed you can send it again after login. Then the user doesn't even need to leave the page to log back in.
这篇关于我怎么能拒绝用户访问我的骨干应用的部分,如果他们没有登录?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
